Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: CEH program and Sybex Study Guide
From: Security Auditor <auditor.sec () gmail com>
Date: Sat, 1 Oct 2011 23:36:23 +0200

Hi Alberto ,
In my personal viewpoint, each certification has a different objective
and caters a different set of audience. Problem comes when we setup
wrong expectations from the course. This is generally what happens
with c|EH. The name hacker in the cert is catalyst to set the wrong
expectations.
Security is a very demanding field. you always have to on edge of the
technology, means need to devote much time to it compared to other
professions. Therefore choose wisely, if you love it then only opt it.
Secondly security cannot be learnt by doing a 5 or a 10 day boot camp.
 It is more of an art, a different kind of thinking,
(unconventional/out of box). OSCP is an awesome course but is not for
beginners, if someone does not have any experience in this field, it
is very demanding in the LAB as it is more of a self tuition basis and
can get frustrating at times for people who are new in the field.
(people with some experience are used to struggling so becomes a bit
easier).

When one knows how something is working, then easy to think how to
circumvent the controls or write your tools to achieve this.
Any know how about a scripting language (server side) is good and helpful.
so in a nut shell first set your expectations, and then see which
course can bridge that in the best way.

cheers


Audi

On Fri, Sep 30, 2011 at 7:08 PM, Robert Musser <rmusser2209 () gmail com> wrote:

I have something to add here, I'm currently enrolled in the eCPPT course, I'm on the last module and am about to 
start doing the online web app pentests as practice for the test. I have not taken the oscp. From what I've seen and 
understand, the course(eCPPT) itself is nice in the sense it's a reference organized nicely and you have lifetime 
access to it. The forums are not that active and the test is penetrating a web app, not a full box you need to own. 
If you have the time, money, and dedication go straight for the oscp, as it's $250 more than the eCPPT for 60 days 
lab access. If not then the eCPPT  is fine, just be aware that the focus is on web app technologies. As for my 
background, I have no security Certs, have not worked in a Securuty related field and hold the MS-70-680/686 
MCITP:EDA. I have followed computer security for the past 8 years as a hobby. One thing I highly recommend you 
purchasing and reading front to cover for the eCPPT is the 2nd edition of the web app hackers handbook. It has really 
helped me and I highly suggest it. (along with OWASP of course...)
-

On Sep 28, 2011, at 6:08 AM, Michael Richard <alfarichard () gmail com> wrote:

Hi Alberto,


I completely agree with Clement and Bandar.

I'm a beginner in infosec too, and recently I passed the Security+
exam. My next step will be the eLearningSecurity certification (eCPPT
| http://www.elearnsecurity.com/). Why? Two answers:

First, I personally belive that the CEH training don't really prepare
you for the job, I come to this conclusion after a brief look at the
material (version 6) and after read some reviews on the web. Basicly
they cover too much about tools and too little about the technics
itself.

Second, the OffSec BackTrack is a little bit expensive for me right
now, and I don't think I have the knowledge necessary to enjoy the
course (is really a badass course :)

I think a more hands-on approach will be far more benefic for my
learning experience. So, the path I've chosen is this: Sec+ -> eCPPT
(eLearn training) -> OSCP (Offsec training) -> OSCE (Offsec training).

Here some reviews:

CEH - http://www.ethicalhacker.net/content/view/54/24/
eCPPT - http://www.ethicalhacker.net/content/view/307/24/ &
http://www.darknet.org.uk/2010/05/elearnsecurity-online-penetration-testing-training/
OSCP - http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1152.0/
OSCE - http://linuxisp.co.uk/content/ctp

Edit: Sending again because the list does not handle MIME messages.

[  ]'s


Michael Richard
@alfarichard


2011/9/24 Alberto Medina <amedinaj () gmail com>

Hi all,
I know maybe in this list you have talk a lot about CEH program, but I want to know what do you really think about 
this program (CEH)? Is this really useful to start in information security? And what do you think about the Sybex 
Study Guide, by "Kimberly Grave"?
I do this question because a couple of years ago I took the CompTIA Security+ exam and passed it, but I wanna to 
continue the preparation in the field of information security and Ethical hacking, and someone recommended me the 
"Certified Ethical Hacker" certification as a good way to continue the path, so a bought the Sybex Study Guide for 
the exam, but I don't see a lot of difference between the content of Security+ program and this one, I thought I'd 
find the CEH deeper in the subject than Security+ program.
In fact, I found this Sybex guide is not very actual, there's not any mention to Windows 7 or even Vista, the tools 
mentioned are kind of old, in the "cracking password" section they don't talk about rainbow tables, only a littler 
mention; in the "backdoor" sections she (the author) recommend adding an additional hard disk to the computer and 
boot from there for protection using the backdoor she mention, or buy a Windows netbook, but it's not better using 
a VM in for testing?
Anyway, I just want to know what you think about this program? If not, what do you recommend for continue the path 
to Ethical Hacking and Information Security.

Thank you and best regards,
Alberto Medina

(Excuse my English :) )


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





-- 
Cheers,
Audi

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Re: CEH program and Sybex Study Guide Security Auditor (Oct 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]